The invention relates generally to information security systems and methods and more particularly to information security systems and methods that provide isolation between a requestor and a security information source.
Secure computer systems and other systems are known which use cryptographic techniques to encrypt and decrypt data sent from one computer or user to another computer within a network. In typical public key cryptographic systems, digital signature key pairs, such as a signature private key and a verification public key, are used to authenticate a digital signature of a client to ensure that a message sent by a client actually came from that client and has not been altered. Generally, data is digitally signed by a sender using the signature private key and authenticated by a recipient using the verification public key. In addition to digital signature key pairs, encryption key pairs are also generally used to encrypt the data being sent from one client to another client. An encryption key pair includes a decryption private key and an encryption public key. Data is encrypted by a sender using the recipient's encryption public key and decrypted by the recipient using the corresponding decryption private key. Certificates are generated by a manager or trusted certification authority for the public keys of each private/public key pair to certify that the public keys are authentic, valid, and bound to their holder.
Certificates and certificate revocation lists (CRLs) should be freely disseminated in order to facilitate the secure exchange of e-mail as well as other global applications, such as electronic commerce. However, there is increasing concern shared by many enterprise domains that uncontrolled dissemination of certificates and CRLs will introduce potential vulnerabilities. In particular, vulnerabilities may be introduced as a result of outsiders obtaining access to sensitive databases or repositories where the certificates and CRLs are stored, such as X.500 directories or other public key infrastructure (PKI) repositories, as known in the art, within the corporate network system. This has led to an unwillingness among a number of organizations to share their corporate database information. Generally, there is also an unwillingness to replicate or copy certificates and CRLs to external repositories because of the operational overhead of doing so and the difficulty in ensuring that the replicated information does not become obsolete or become trusted when it should not be.
One known technique for isolating an information requester or subscriber within a networked community is the use of a firewall server or computer. In such well-known systems, the requester is granted access to a target resource within a secure system after passing through the firewall computer. As such, the requester is typically granted direct access to the target resource. Access is typically granted based on access control information sent in an initial access request. However, such firewall-based systems still can expose highly sensitive corporate information to an outsider if the outsider is allowed to pass through the firewall and has end-to-end access to an internal system.
Also, Lightweight Directory Access Protocol (LDAP) proxy servers are known that are used with firewalls as secondary special purpose firewalls. These special purpose firewalls are typically used to filter LDAP requests and allow accepted LDAP requests to be passed to the target LDAP server, thereby allowing a client direct access to the server. Again, such firewall-based systems still can expose highly sensitive corporate information to an outsider if the outsider is allowed to pass through the firewall and has end-to-end access to an internal system.
Other information-security systems, such as those that employ public key cryptography, have certification authorities that post certificates to a repository and subscribers that obtain the signed certificates directly from the repository. Such systems typically also allow end-to-end access of the subscriber to the repository and typically require the same protocol to be used between a subscriber and the repository.
Accordingly, there exists a need for a system and method to allow the scalable dissemination of the requisite security-related information, such as certificates, CRLs, and other security information, without introducing such potential security concerns relating to access to valuable corporate resources, or requiring unacceptable operational overhead.